Cardano developers have been holding their breath for a crucial component of the smart contract stack: the ominous PAB. This passed rather unnoticed by the ordinary user as the first dApps on Cardano went live around January this year and, with a blooming ecosystem since, everything seems to be going fine.
But is it? The Plutus Application Backend (PAB) is a software component that sits at the boundary between the frontend (e.g. the web page) and the blockchain. When the user presses a button to swap Ada for Hosky on SundaeSwap for instance, this request is forwarded to the PAB. The PAB then looks at the blockchain, fetches the right liquidity pool, and constructs the transaction which is finally returned to the frontend. The frontend then passes the transaction to the user’s wallet for signature.
This all sounds good except that SundaeSwap is not using the PAB. Neither are most of the other big projects. The reason is that the process described above does not currently work. To understand why, let’s dig deeper. The smart contract model that Cardano developed has a clever feature that is often overlooked: it allows transaction construction to be split into two steps:
The first step builds the core; this is the part where the logic of the dApp is needed. In the swapping transaction above, the liquidity pool would be included in the transaction with a change in funds according to the specific amounts swapped.
The first step produces the so-called unbalanced transaction. The balancing happens in the second step. This step is independent of the dApp logic and can be handled in a generic fashion by the user’s wallet, which only needs to provide the necessary funds to balance the transaction. The balanced transaction can then be signed by the wallet and submitted to the blockchain.
In this model, the dApp only needs to know which action the user wants to perform. The balancing, signing and submitting are handled by the user’s wallet.
So can we pass a transaction to Nami, Yoroi or other browser wallets for balancing? The answer is no. Not as of February 2022. It turns out that balancing transactions that contain smart contracts (i.e. almost any transaction that is not a simple fund transfer) impacts transaction fees. Fees are not very high on Cardano: typically below one Ada, which is traded for around 1 dollar at the time of writing. Although not high, they need to be included. Calculating the exact amount requires the execution of the smart contracts contained in the transaction. The more complex the contract is, i.e. the more memory and execution steps it needs, the higher the fees. This protects the blockchain from denial of service attacks and is a characteristic of all current blockchains. The execution of these contracts, however, is not easily achievable for a browser wallet as the components to do this are not yet available.
Then, how are current dApps integrating browser wallets? They do it by executing both of the steps above: they build the core transaction and then also balance it to get a complete transaction that can be passed to the wallet for signature. This can be implemented by using the Cardano command line tools such as Cardano Wallet. It is not a beautiful implementation but it works.
Until recently, I was convinced that the PAB should implement an interface to generate balanced transactions that can then be handed over to the browser wallet. This would deprecate the ugly command line approach and provide a very powerful tool for developers. I have changed my mind since. It is not easy to get in touch with the developers of Cardano. But when it happens, I always walk away with additional insights. My last discussion got me rethinking how I would implement the feature myself and I realised that I would need to request a list of all the funds which are sitting in the user’s wallet. This is what current dApps in the Cardano ecosystem do: they require you to hand over your public keys before accepting any transaction request.
Users with an Ethereum background might have accepted it as an inevitable side effect, but on Cardano it is not a necessity to identify your wallet with the dApp to perform transactions. One of the beauties of Cardano’s smart contract model is that dApps can stay completely agnostic of the user’s wallet: dApps don’t need to know who they are interacting with, they just need to know what the user wants! This is a strong feature and helps privacy protection. Additionally, Cardano inherits further privacy protection measures from its blockchain model. A wallet, on the Cardano blockchain, can be viewed as a set of different addresses derived from one private root key. Your wallet’s funds are sitting at these different addresses, which cannot be linked to each other. Therefore, giving away one address does not expose your whole wallet. Yoroi uses this property to generate a new address after each payment received. The last thing you want to do (after handing over your private keys of course, which you should never ever do) is to hand over all your fund addresses to a random webpage to claim your meme tokens.
Unfortunately, currently, when connecting your browser wallet to a service, you grant read-access to all your funds as well. This is because browser wallets implement CIP-30 which is a standard that defines the connection of dApps to browser wallets. CIP-30 defines only one access right and, when granted by the user, the webpage can read the wallet’s funds. This circumvents Cardano’s privacy protection features and unnecessarily exposes the dApp user.
Where does this leave us? Currently, dApps are getting too much sensitive information. To change this and to transition to a better world, we need a missing piece: browser wallets need to be able to balance transactions. Once browser wallets have this capability, we need a new standard that allows the user to grant only the right to pass transactions to the wallet, as opposed to granting read access to the public keys and available funds of the wallet. This was the original idea of Cardano’s smart contract model.
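To make the difference concrete, here is an added sketch (not code from any wallet or from the PAB) that contrasts today's single-grant model with the scoped grant proposed above, using the two-step build/balance split. The method names `getUtxos`, `getUsedAddresses` and `signTx` are real CIP-30 names, mocked synchronously here although the real calls return promises; `enableSubmitOnly`, `balanceAndSign`, the sample addresses and the fixed fee are hypothetical.

```javascript
// Constructed sample wallet: three UTxOs at three unlinked addresses (amounts in lovelace).
const WALLET_UTXOS = [
  { address: "addr_sample_A", lovelace: 4_000_000 },
  { address: "addr_sample_B", lovelace: 7_000_000 },
  { address: "addr_sample_C", lovelace: 2_500_000 },
];
const ASSUMED_FEE = 300_000; // placeholder: a real fee requires executing the scripts

// Step 2, wallet side: pick inputs until payment + fee are covered, return the change.
function balance(unbalancedTx, utxos, fee) {
  const needed = unbalancedTx.userPays + fee;
  const inputs = [];
  let total = 0;
  for (const u of [...utxos].sort((a, b) => b.lovelace - a.lovelace)) {
    if (total >= needed) break;
    inputs.push(u);
    total += u.lovelace;
  }
  if (total < needed) throw new Error("insufficient funds");
  return { ...unbalancedTx, inputs, fee, change: total - needed };
}

// Today's model (CIP-30 method names, synchronous mock): one grant, full read access.
function enableFull() {
  return {
    getUtxos: () => WALLET_UTXOS,
    getUsedAddresses: () => WALLET_UTXOS.map((u) => u.address),
    signTx: (tx) => ({ ...tx, signed: true }),
  };
}

// Hypothetical scoped grant (not part of CIP-30): the dApp may only hand over an
// unbalanced transaction; balancing and signing stay inside the wallet.
function enableSubmitOnly() {
  return {
    balanceAndSign: (unbalancedTx) => {
      const tx = balance(unbalancedTx, WALLET_UTXOS, ASSUMED_FEE);
      return { ...tx, signed: true };
    },
  };
}

// What a page can enumerate before the user approves any transaction.
function addressesVisibleBeforeSigning(api) {
  return typeof api.getUsedAddresses === "function" ? api.getUsedAddresses() : [];
}
```

With the scoped grant, the page learns nothing until the user signs, and then only the inputs actually spent in that transaction, which become public on-chain anyway.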
In summary, the PAB is ready. We’ve been waiting for the wrong component all along. We need wallets to step up their game.